search

chef-boneyard / push-jobs-cookbook

Development repository for Chef Cookbook push-jobs
https://supermarket.chef.io/cookbooks/push-jobs
Apache License 2.0
21 stars 43 forks source link

disables encryption and allows use of 1.x server? #83

Closed gliptak closed 8 years ago

gliptak commented 8 years ago

Cookbook version

2.6.4 push-jobs-client.x86_64 2.1.0-1.el7 installed

Chef-client version

12.9.41

Platform Details

Oracle Linux Server release 7.1

Scenario:

failing to connect to 1.x (?) Chef Server

Steps to Reproduce:

The following error started to show up on a node (I tried push-jobs versions from 2.6.4 to 2.8.0 ...)

I tried to override:

default['push_jobs']['allow_unencrypted'] = true

but reading the source

https://github.com/chef-cookbooks/push-jobs/blob/master/templates/default/push-jobs-client.rb.erb

the allow_unencypted value is not processed.

Is there a component I'm to roll back to overcome this?

Thanks

Expected Result:

opscode-push-jobs service to connect to Chef Server

Actual Result:

Seeing following log entries (repeated every few seconds):

2016-05-23_15:55:29.96948 INFO: [server1] using config file path: '/etc/chef/push-jobs-client.rb'
2016-05-23_15:55:29.97089 INFO: [server1] Using node name: server1
2016-05-23_15:55:29.97092 INFO: [server1] Using org name: myorg
2016-05-23_15:55:29.97093 INFO: [server1] Using Chef server: https://chefserver:443/organizations/myorg
2016-05-23_15:55:29.97096 INFO: [server1] Using private key: /etc/chef/client.pem
2016-05-23_15:55:29.97097 INFO: [server1] Incarnation ID: 162c6f0d-8e4f-395f-b107-ca8b860036fe
2016-05-23_15:55:29.97097 INFO: [server1] Allowing fallback to unencrypted connection: false
2016-05-23_15:55:29.97098 INFO: [server1] Starting client ...
2016-05-23_15:55:29.97099 INFO: [server1] Retrieving configuration from https://chefserver:443/organizations/myorg//pushy/config/server1: ...
2016-05-23_15:55:30.03089 ERROR: [server1] Exiting: No key returned from server; server may be using 1.x protocol. The config flag 'allow_unencrypted' disables encryption and allows use of 1.x server. Use with caution!
2016-05-23_15:55:30.03092 [server1] Exiting: No key returned from server; server may be using 1.x protocol. The config flag 'allow_unencrypted' disables encryption and allows use of 1.x server. Use with caution!
gliptak commented 8 years ago

As a workaround, I created a local fork and implemented allow_unencrypted processing.

mmzyk commented 8 years ago

@gliptak This has been addressed by #84 and the release of the 2.8.1 release of this cookbook. Thanks for reporting the issue.